Back to Home

Privacy Policy

Last updated: January 2025

1. Introduction

InfiniteMix ("we," "us," or "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service, including our handling of AppSumo license activations, AI credit tracking, and refund-related data.

By using InfiniteMix, you consent to the data practices described in this policy.

2. Information We Collect

2.1 Information You Provide

  • Account Information: Name, email address, password
  • AppSumo License Data: License key, purchase date, plan tier (Creator/Pro/Studio)
  • Payment Information: Processed by AppSumo (we don't store payment details directly)
  • Profile Information: Optional profile picture, bio, preferences
  • Content: Audio files you upload, mixes you create, AI generation prompts
  • Communications: Messages you send to our support team, refund requests

2.2 Automatically Collected Information

  • Usage Data: Features used, AI credits consumed, manual mixing activity, time spent, video exports
  • Device Information: Browser type, IP address, operating system, screen resolution
  • Device Fingerprint: Unique identifier generated from browser/device characteristics (for license enforcement and fraud prevention)
  • Cookies: Session cookies for authentication, preferences, and analytics
  • Analytics: Aggregated usage statistics for improving the Service
  • API Usage Logs: AI generation requests (Kie.ai, Replicate), timestamps, success/failure status

Why We Collect Device Fingerprints:

Device fingerprinting helps us enforce the 3-device limit per license, prevent account sharing abuse, detect fraudulent refund requests, and protect legitimate users from unauthorized access. This data cannot personally identify you but helps us maintain service integrity.

2.3 Credit Usage & Refund Tracking

We collect and store data about your service usage for refund eligibility determination:

  • AI Credits Allocated: Total credits granted based on your AppSumo plan
  • AI Credits Remaining: Current balance after AI generations
  • Credit Usage History: Timestamps of each AI generation, type (music/thumbnail/description), credits consumed
  • Manual Mixing Activity: Number of manual mixes created (does not affect refund eligibility)
  • First AI Usage Date: Timestamp when you first used AI generation (affects refund calculation)
  • Refund Eligibility Status: Calculated automatically based on usage percentage

3. How We Use Your Information

We use your information to:

Service Operation:

  • Provide, operate, and maintain the Service
  • Process your audio files and create mixes using AI and manual tools
  • Authenticate your account and validate AppSumo license keys
  • Track AI credit consumption and enforce usage limits
  • Prevent fraud, license sharing, and abuse

Communication:

  • Send service-related notifications (credit low balance, expiring downloads)
  • Respond to support requests and refund inquiries
  • Notify you of policy changes or service updates

Refund Processing:

  • Calculate refund eligibility based on AI credit usage percentage
  • Determine refund amount using our tiered policy (full/partial/none)
  • Detect suspicious refund patterns or abuse
  • Coordinate with AppSumo for refund processing

Security & Compliance:

  • Detect and prevent unauthorized access or fraudulent activity
  • Enforce device limits (3 devices per license)
  • Comply with legal obligations and respond to legal requests
  • Conduct security audits and investigations

Improvement & Analytics:

  • Analyze usage patterns to improve features
  • Monitor AI API performance and quality
  • Optimize user experience and interface
  • Generate anonymized statistics and reports

4. Data Storage and Security

4.1 Storage Locations & Duration

  • Account Data (Permanent): Email, license key, credits, device fingerprints – stored in secure database (Supabase/PostgreSQL)
  • Uploaded Audio Files (Temporary): Stored on AWS S3, automatically deleted after 24 hours
  • Generated Mixes (Temporary): Available for download for 30 days, then automatically deleted
  • AI-Generated Content: Music, thumbnails stored temporarily; you must download within 30 days
  • Usage Logs: Credit consumption logs retained for 2 years (for refund/dispute resolution)
  • Analytics Data: Aggregated usage statistics retained indefinitely (anonymized)

4.2 Security Measures

  • Encryption in Transit: All data transmitted over HTTPS/TLS 1.3
  • Encryption at Rest: Files encrypted using AES-256, database encrypted
  • Password Security: Passwords hashed using bcrypt (never stored in plaintext)
  • Access Controls: Role-based access, principle of least privilege
  • Regular Audits: Security assessments, penetration testing, vulnerability scans
  • API Security: Rate limiting, authentication tokens, request validation
  • Backup & Recovery: Daily encrypted backups, disaster recovery plan

Important: No security system is 100% foolproof. While we implement industry best practices, we cannot guarantee absolute security. You are responsible for maintaining the confidentiality of your password.

5. Data Sharing and Disclosure

WE DO NOT SELL YOUR PERSONAL DATA. We will never sell, rent, or trade your personal information to third parties.

5.1 Service Providers (Third Parties We Work With)

We share data with trusted third-party services that help us operate:

  • AppSumo: License validation, payment processing, refund coordination
  • Kie.ai: AI music generation (your prompts, generation requests)
  • Replicate: AI image/thumbnail generation (your prompts, image data)
  • AWS (Amazon Web Services): File storage (S3), cloud hosting, compute
  • Supabase/PostgreSQL: Database hosting for account and credit data
  • Vercel/Railway: Application hosting and deployment
  • Google Analytics: Website usage analytics (anonymized, IP anonymization enabled)
  • Email Service (SendGrid/AWS SES): Transactional emails (account notifications, refund communications)

All third-party providers are contractually obligated to protect your data and use it only for the services we've engaged them for.

5.2 Legal Requirements & Law Enforcement

We may disclose your information if required to:

  • Comply with legal obligations (subpoenas, court orders, warrants)
  • Enforce our Terms of Service or investigate violations
  • Protect the rights, property, or safety of InfiniteMix, our users, or the public
  • Prevent fraud, security threats, or illegal activities
  • Respond to government requests in accordance with applicable law

5.3 Business Transfers

If InfiniteMix is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you via email and/or prominent notice on our Service of any change in ownership or uses of your personal information.

6. Your Rights and Choices

You have the following rights regarding your personal data:

✓ Right to Access

Request a copy of all personal data we hold about you, including credit usage history

✓ Right to Correction

Update inaccurate or incomplete information in your account

✓ Right to Deletion ("Right to be Forgotten")

Request deletion of your account and all associated data (subject to legal retention requirements)

✓ Right to Data Portability

Export your data in JSON or CSV format (mixes, usage logs, account info)

✓ Right to Opt-Out

Unsubscribe from marketing emails (transactional emails required for service operation cannot be opted out)

✓ Right to Restrict Processing

Limit how we process your data while disputes are resolved

✓ Right to Object

Object to processing based on legitimate interests (subject to legal grounds)

How to Exercise Your Rights:

Email: privacy@infinitemix.com

We will respond within 30 days. Some rights may be limited by legal obligations or legitimate business interests.

7. Cookies and Tracking Technologies

We use the following types of cookies and similar technologies:

Essential Cookies (Required)

  • Authentication tokens (keep you logged in)
  • Session management (remember your current work)
  • Security measures (CSRF protection)

Preference Cookies (Optional)

  • Language preferences
  • Theme settings (light/dark mode)
  • UI customizations

Analytics Cookies (Optional)

  • Google Analytics (anonymized, IP anonymization enabled)
  • Usage statistics (feature adoption, error rates)
  • Performance monitoring

You can control cookies through your browser settings. Disabling essential cookies may impact service functionality. See our Cookie Policy for details.

8. Data Retention

We retain different types of data for varying periods:

Data TypeRetention Period
Account InformationUntil account deletion
Uploaded Audio Files24 hours (auto-delete)
Generated Mixes & Videos30 days (auto-delete)
AI Generation Logs2 years (refund disputes)
Credit Usage History2 years (refund eligibility)
Device FingerprintsUntil account deletion
Support Communications3 years
Analytics Data (Anonymized)Indefinitely
Refund Request Records7 years (tax/legal)

After account deletion, some data may be retained for legal, tax, or fraud prevention purposes as required by law.

9. International Data Transfers

InfiniteMix is based in the United States. Your data may be transferred to and processed in countries outside your country of residence, including:

  • United States (primary hosting, company headquarters)
  • European Union (data centers for EU users)
  • Singapore (AWS Asia-Pacific region)

We ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs)approved by the European Commission for EU data transfers. Your data is protected regardless of where it's processed.

10. Children's Privacy (COPPA Compliance)

The Service is not intended for users under 13 years old. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child, please contact us immediately at privacy@infinitemix.com, and we will delete it within 30 days.

Parents/guardians: If you discover your child has provided us with personal information without consent, please reach out so we can take appropriate action.

11. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

Right to Know: What personal information is collected, used, shared, or sold
Right to Delete: Request deletion of your personal information
Right to Opt-Out: We DO NOT SELL personal information (nothing to opt out of)
Right to Non-Discrimination: We won't discriminate against you for exercising your rights

To Exercise CCPA Rights:

Email privacy@infinitemix.com with "CCPA Request" in subject line

12. GDPR Compliance (European Users)

For users in the European Economic Area (EEA), United Kingdom, and Switzerland, we comply with the General Data Protection Regulation (GDPR).

Legal Basis for Processing:

  • Contract Performance: Processing necessary to provide the Service you purchased
  • Legitimate Interests: Fraud prevention, security, service improvement
  • Consent: Marketing communications (you can withdraw consent anytime)
  • Legal Obligations: Compliance with EU law, tax requirements

For more details, see our GDPR Compliance page. EU users can also contact our Data Protection Officer at dpo@infinitemix.com.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes via:

  • Email notification (sent to your registered email address)
  • Prominent notice in the Service (banner or modal)
  • Updated "Last updated" date at the top of this page

Your continued use of the Service after changes take effect constitutes acceptance of the updated policy. If you don't agree to changes, you may delete your account.

14. Data Breach Notification

In the event of a data breach that affects your personal information, we will:

  • Notify affected users within 72 hours of discovering the breach
  • Provide details about what data was compromised
  • Explain steps we're taking to address the breach
  • Offer guidance on protecting your account
  • Report to relevant authorities as required by law (GDPR, CCPA)

15. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:

Privacy Inquiries

privacy@infinitemix.com

Data Protection Officer (GDPR)

dpo@infinitemix.com

General Support

Contact Support

Refund-Related Data Requests

refunds@infinitemix.com

Mailing Address

InfiniteMix
[Your Company Address]
[City, State, ZIP]
United States

We aim to respond to all privacy-related requests within 30 days. For urgent security concerns, please mark your email as "URGENT" in the subject line.

© 2025 InfiniteMix. All rights reserved.

By using InfiniteMix, you acknowledge that you have read, understood, and agree to this Privacy Policy.